To avoid confusion and set a shared basis, I always define certain words before diving deep into a given topic. Financial technology, or Fintech, is a broad category that refers to the use of technology in the inception, creation, deployment, operation, and maintenance of financial services and products. Some examples of Fintech products and services are Online Payment Services, Investment Platforms, Online Banking, Crypto Platforms, Crypto Wallets, Insurance, Lending Services, etc.
Fintech involves a lot of different branches and categories, but they all have a lot in common: what I call “the basics,” which I’ll describe in detail below. Getting the basics right is not trivial, but it is of the utmost importance.
In this article, we’ll talk about the technical challenges that Fintech projects face after inception.
Why are we interested in Fintech? There is a lot of activity in the Fintech sector, from new technologies or techniques, like blockchain and DAOs (Decentralized Autonomous Organizations), to products and platforms offering innovative services to help us control our finances using machine learning. On the financial side, a significant percentage of the overall investment in technology falls into the Fintech vertical. And this industry is responsible for some of the most exciting IT research and development projects today.
And last but not least, errors in this sector usually translate into direct monetary losses, which is not necessarily the case in other industries. To make things worse, those losses often go beyond business revenue: They affect clients and users too. We have to be extra careful when handling other people’s or businesses’ money.
Getting the basics right is not free or cheap. But the potential impact of the decisions made early in the process cannot be overstated.
To keep you motivated and help justify the investment, here are some cases where things didn’t go well, as a reminder of the variety of things that can go wrong in a Fintech project.
Let’s start at the DNS level. “It’s always the DNS,” security experts often say. DNS, through its domain name servers, is responsible for translating human-readable addresses or domain names (like patagonian.com) into IP addresses, the ones understood by computers. Whoever has access to configure the DNS records is, in effect, the brand’s owner.
The first horror story involves a client whose main DNS account was compromised. The attacker changed the domain name servers to direct all traffic to their site, tricking users into believing they were accessing the original location while logging into a fake site and exposing their passwords.
The client’s platform was safe and had multiple security measures in place to prevent attacks. But changing the DNS means that requests never even got to the platform. All security measures were bypassed right at the start, at the DNS level. To make matters worse, even though the attack was detected early, DNS propagation times made the issue last some hours after detection.
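A defender-side check for the situation in this story, as an added example that is not part of the original article: it compares the nameserver set seen at several resolvers against a known-good baseline and reports how long a cached rogue answer can outlive the fix. All domain names, resolver names and TTL values are constructed for illustration.

```python
from dataclasses import dataclass

# Known-good delegation for the zone (constructed values).
EXPECTED_NS = {"ns1.dns-provider.example.", "ns2.dns-provider.example."}

@dataclass
class Observation:
    resolver: str        # recursive resolver that answered (hypothetical name)
    nameservers: set     # NS set it returned for the zone
    ttl_remaining: int   # seconds the answer stays in that resolver's cache

def normalize(name):
    """Lower-case and force a trailing dot so names compare exactly."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def check_delegation(observations, expected=EXPECTED_NS):
    """Return (alerts, exposure_seconds).

    alerts lists every resolver whose NS set differs from the baseline.
    exposure_seconds is the longest TTL still cached for a rogue answer:
    users of that resolver can keep reaching the wrong servers for that
    long after the records themselves are corrected.
    """
    expected = {normalize(n) for n in expected}
    alerts, exposure = [], 0
    for obs in observations:
        seen = {normalize(n) for n in obs.nameservers}
        rogue, missing = seen - expected, expected - seen
        if rogue or missing:
            alerts.append({"resolver": obs.resolver,
                           "unexpected": sorted(rogue),
                           "missing": sorted(missing)})
        if rogue:
            exposure = max(exposure, obs.ttl_remaining)
    return alerts, exposure

# Constructed observations: one healthy resolver, two serving a changed delegation.
SAMPLE = [
    Observation("resolver-a", {"NS1.dns-provider.example", "ns2.dns-provider.example."}, 3600),
    Observation("resolver-b", {"ns1.rogue-dns.example."}, 14400),
    Observation("resolver-c", {"ns1.rogue-dns.example.", "ns2.rogue-dns.example."}, 7200),
]

if __name__ == "__main__":
    alerts, exposure = check_delegation(SAMPLE)
    for alert in alerts:
        print("DELEGATION DRIFT", alert)
    print(f"worst-case residual exposure: {exposure / 3600:.1f} h")
```

With the sample data, the 14400-second TTL cached at one resolver means up to four hours of residual exposure after the records are corrected, which matches the "some hours after detection" effect described above.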
But here’s another horror story to illustrate the variety of issues that may arise: A testing employee from a big Argentinean bank mistakenly notified its entire client base via SMS with random quotes from The Simpsons meant for testing environments. Facepalm.
Smart contracts and blockchains are not flawless, either. The development team behind Ethereum noticed that the decentralized autonomous organization (DAO) that Ethereum had been using was hacked. To solve this, the Ethereum network was forked (a so-called hard fork) to revert the situation and patch a vulnerability.
In October 2022, Binance got hacked for about $500M, and they had to pause the network, showing the world that the platform is not as decentralized as you would expect, as they were able to stop transactions and freeze the network until they patched the defect.
In another case, a client shared AWS credentials with multiple software development service providers. Someone took advantage of the account’s unlimited access and created $100,000 worth of servers during Black Friday.
The list could go on and on, from errors in interest calculations that amount to millions of dollars to unsecured public buckets. And we haven’t seen the end of it, for sure. Software development is still a human activity and is prone to errors and misbehavior. And in financial industries, this issue has the potential for monetary impact.
How can we ensure we have what it takes to implement a Fintech project successfully? There are a few things that you should cover to improve your chances of success.